70-411 Exam
Ideas to ms 411
Our Microsoft engineers will almost always be looking for a way to understand the most recent 70-411 on the internet questions. You are able to download the most recent 70-411 puts on the Exambible website. We not really just offer 70-411 pdf file exams but also the computer software edition. Exambible 70-411 examination motor creates a simulation of the surroundings if the 70-411 arises, offers a fantastic chance to exercise the actual Microsoft examination communicative surroundings. Based on the examination preparing, you are able to select any 70-411 edition to examine versatility. Transferring 70-411 examination will become more standard more quickly simply by researching Microsoft 70-411 exercise exams.
2021 Jul 70-411 administering windows server 2012 ebook:
Q21. Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
Server1 contains three non-overlapping scopes named Scope1, Scope2, and Scope3. Server1 currently provides the same Network Access Protection (NAP) settings to the three scopes.
You modify the settings of Scope1 as shown in the exhibit. (Click the Exhibit button.)
You need to configure Server1 to provide unique NAP enforcement settings to the NAP non-compliant DHCP clients from Scope1.
What should you create?
A. A connection request policy that has the Service Type condition
B. A connection request policy that has the Identity Type condition
C. A network policy that has the Identity Type condition
D. A network policy that has the MS-Service Class condition
Answer: D
Explanation:
MS-Service Class
Restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method. To use the MS-Service Class attribute, in Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile.
Open the NPS console, double-click Policies, click Network Policies, and then double-click the policy you want to configure.
In policy Properties, click the Conditions tab, and then click Add. In Select condition, scroll to the Network Access Protection group of conditions.
If you want to configure the Identity Type condition, click Identity Type, and then click Add.
In Specify the method in which clients are identified in this policy, select the items appropriate for your deployment, and then click OK.
The Identity Type condition is used for the DHCP and Internet Protocol security (IPsec) enforcement methods to allow client health checks when NPS does not receive an Access-Request message that contains a value for the User-Name attribute; in this case, client health checks are performed, but authentication and authorization are not performed.
If you want to configure the MS-Service Class condition, click MS-Service Class, and then click Add. In Specify the profile name that identifies your DHCP scope, type the name of an existing DHCP profile, and then click Add.
The MS-Service Class condition restricts the policy to clients that have received an IP address from a DHCP scope that matches the specified DHCP profile name. This condition is used only when you are deploying NAP with the DHCP enforcement method.
References: http: //technet. microsoft. com/en-us/library/cc731560(v=ws. 10). aspx
http: //technet. microsoft. com/en-us/library/cc731220(v=ws. 10). aspx
Q22. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012 R2.
In a remote site, a support technician installs a server named DC10 that runs Windows Server 2012 R2. DC10 is currently a member of a workgroup.
You plan to promote DC10 to a read-only domain controller (RODC).
You need to ensure that a user named Contoso\User1 can promote DC10 to a RODC in the contoso.com domain. The solution must minimize the number of permissions assigned to User1.
What should you do?
A. From Active Directory Users and Computers, run the Delegation of Control Wizard on the contoso.com domain object.
B. From Active Directory Administrative Center, pre-create an RODC computer account.
C. From Ntdsutil, run the local roles command.
D. Join DC10 to the domain. Run dsmod and specify the /server switch.
Answer: B
Explanation:
A staged read only domain controller (RODC) installation works in two discrete phases:
1. Staging an unoccupied computer account
2. Attaching an RODC to that account during promotion
Reference: Install a Windows Server 2012 R2 Active Directory Read-Only Domain Controller (RODC)
Q23. HOTSPOT
Your network contains an Active Directory domain named contoso.com. The domain contains three member servers named Server1, Server2, and Server3. All servers run Windows Server 2012 R2 and have the Windows Server Update Services (WSUS) server role installed.
Server1 and Server2 are configured as replica servers that use Server3 as an upstream server.
You remove Servers from the network.
You need to ensure that WSUS on Server2 retrieves updates from Server1. The solution must ensure that Server1 and Server2 have the latest updates from Microsoft.
Which command should you run on each server? To answer, select the appropriate command to run on each server in the answer area.
Answer:
Q24. Your network contains an Active Directory domain named contoso.com. The domain contains more than 100 Group Policy objects (GPOs). Currently, there are no enforced GPOs.
The domain is renamed to adatum.com.
Group Policies no longer function correctly.
You need to ensure that the existing GPOs are applied to users and computers. You want to achieve this goal by using the minimum amount of administrative effort.
What should you use?
A. Dcgpofix
B. Get-GPOReport
C. Gpfixup
D. Gpresult
E. Gpedit. msc
F. Import-GPO
G. Restore-GPO
H. Set-GPInheritance
I. Set-GPLink
J. Set-GPPermission
K. Gpupdate
L. Add-ADGroupMember
Answer: C
Explanation:
You can use the gpfixup command-line tool to fix the dependencies that Group Policy objects (GPOs) and Group Policy links in Active Directory Domain Services (AD DS) have on Domain Name System (DNS) and NetBIOS names after a domain rename operation.
Reference: http: //technet. microsoft. com/en-us/library/hh852336(v=ws. 10). aspx
Q25. Your network contains an Active Directory domain named contoso.com. Network Access Protection (NAP) is deployed to the domain.
You need to create NAP event trace log files on a client computer.
What should you run?
A. logman
B. Register-ObjectEvent
C. tracert
D. Register-EngineEvent
Answer: A
Explanation:
You can enable NAP client tracing by using the command line. On computers running Windows Vista., you can enable tracing by using the NAP Client Configuration console. NAP client tracing files are written in Event Trace Log (ETL) format. These are binary files representing trace data that must be decoded by Microsoft support personnel. Use the –o option to specify the directory to which they are written. In the following example, files are written to %systemroot%\tracing\nap. For more information, see Logman (http: //go. microsoft.com/fwlink/?LinkId=143549).
To create NAP event trace log files on a client computer
Open a command line as an administrator.
Type
logman start QAgentRt -p {b0278a28-76f1-4e15-b1df-14b209a12613} 0xFFFFFFFF 9 -o
%systemroot%\tracing\nap\QAgentRt. etl –ets.
Note: To troubleshoot problems with WSHA, use the following GUID: 789e8f15-0cbf-4402-b0ed-0e22f90fdc8d.
Reproduce the scenario that you are troubleshooting.
Type logman stop QAgentRt -ets.
Close the command prompt window.
References:
http: //technet. microsoft. com/en-us/library/dd348461%28v=ws. 10%29. aspx
Leading cbt nuggets 70-411 with r2 updates:
Q26. You have a DNS server named Served that has a Server Core Installation on Windows Server 2012 R2.
You need to view the time-to-live (TTL) value of a name server (NS) record that is cached by the DNS Server service on Server1.
What should you run?
A. Show-DNSServerCache
B. nslookup.exe
C. ipconfig.exe /displaydns
D. dnscacheugc.exe
Answer: A
Explanation:
The Show-DNSServerCache shows all cached Domain Name System (DNS) server resource records in the following format: Name, ResourceRecordData, Time-to-Live (TTL).
Q27. Your network contains an Active Directory domain named contoso.com. The network contains a server named Server1 that runs Windows Server 2012 R2. Server1 has the Network Policy and Access Services server role installed.
You plan to deploy additional servers that have the Network Policy and Access Services server role installed. You must standardize as many settings on the new servers as possible.
You need to identify which settings can be standardized by using Network Policy Server (NPS) templates.
Which three settings should you identify? (Each correct answer presents part of the solution. Choose three.)
A. IP filters
B. shared secrets
C. health policies
D. network policies
E. connection request policies
Answer: A,B,C
Q28. Your network contains an Active Directory domain named contoso.com. The domain contains two servers named Server1 and Server2. Both servers run Windows Server 2012 R2. Both servers have the File and Storage Services server role, the DFS Namespaces role service, and the DFS Replication role service installed.
Server1 and Server2 are part of a Distributed File System (DFS) Replication group named Group1. Server1 and Server2 are separated by a low-speed WAN connection.
You need to limit the amount of bandwidth that DFS can use to replicate between Server1 and Server2.
What should you modify?
A. The referral ordering of the namespace
B. The staging quota of the replicated folder
C. The cache duration of the namespace
D. The schedule of the replication group
Answer: D
Explanation:
Scheduling allows less bandwidth the by limiting the time interval of the replication
Does DFS Replication throttle bandwidth per schedule, per server, or per connection?
If you configure bandwidth throttling when specifying the schedule, all connections for that replication group will use that setting for bandwidth throttling. Bandwidth throttling can be also set as a connection-level setting using DFS Management.
To edit the schedule and bandwidth for a specific connection, use the following steps:
In the console tree under the Replication node, select the appropriate replication group.
Click the Connections tab, right-click the connection that you want to edit, and then click Properties.
Click the Schedule tab, select Custom connection schedule and then click Edit Schedule.
Use the Edit Schedule dialog box to control when replication occurs, as well as the maximum amount of bandwidth replication can consume.
Q29. HOTSPOT
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the Remote Access server role installed.
You need to configure the ports on Server1 to ensure that client computers can establish VPN connections to Server1 by using TCP port 443.
What should you modify? To answer, select the appropriate object in the answer area.
Answer:
Q30. You are a network administrator of an Active Directory domain named contoso.com.
You have a server named Server1 that runs Windows Server 2012 R2. Server1 has the DHCP Server server role and the Network Policy Server role service installed.
You enable Network Access Protection (NAP) on all of the DHCP scopes on Server1.
You need to create a DHCP policy that will apply to all of the NAP non-compliant DHCP clients.
Which criteria should you specify when you create the DHCP policy?
A. The client identifier
B. The user class
C. The vendor class
D. The relay agent information
Answer: B
Explanation:
To configure a NAP-enabled DHCP server
On the DHCP server, click Start, click Run, in Open, type dhcpmgmt. smc, and then press ENTER.
In the DHCP console, open <servername>\IPv4.
Right-click the name of the DHCP scope that you will use for NAP client computers, and then click Properties.
On the Network Access Protection tab, under Network Access Protection Settings, choose Enable for this scope, verify that Use default Network Access Protection profile is selected, and then click OK.
In the DHCP console tree, under the DHCP scope that you have selected, right-click Scope Options, and then click Configure Options.
On the Advanced tab, verify that Default User Class is selected next to User class.
Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by compliant NAP client computers, and then click Add. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each router to be used by compliant NAP client computers, and then click Add. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type your organization's domain name (for example, woodgrovebank. local), and then click Apply. This domain is a full-access network assigned to compliant NAP clients. On the Advanced tab, next to User class, choose Default Network Access Protection Class. Select the 003 Router check box, and in IP Address, under Data entry, type the IP address for the default gateway used by noncompliant NAP client computers, and then click Add. This can be the same default gateway that is used by compliant NAP clients. Select the 006 DNS Servers check box, and in IP Address, under Data entry, type the IP address for each DNS server to be used by noncompliant NAP client computers, and then click Add. These can be the same DNS servers used by compliant NAP clients. Select the 015 DNS Domain Name check box, and in String value, under Data entry, type a name to identify the restricted domain (for example, restricted. Woodgrovebank. local), and then click OK. This domain is a restricted-access network assigned to noncompliant NAP clients. Click OK to close the Scope Options dialog box. Close the DHCP console.
Reference: http: //technet.microsoft.com/en-us/library/dd296905%28v=ws.10%29.aspx